'SpringSecurityContext is not passed when app is working in pods GKE

I need to get a UserDetails in servlet filter. So I'm getting it from SecurityContextHolder.getContext().getAuthentication() like this -

  @Override
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws ServletException, IOException {
     UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication()
        .getPrincipal();
...
}

Locally the user is fetched from the Security context, but when deploying the app to GKE the SecurityContextHolder.getContext().getAuthentication() is null.

I've tried to configure SecurityContextHolder to MODE_INHERITABLETHREADLOCAL like this, but it didn't help

@Configuration
public class SecurityContextHolderConfig {
  public SecurityContextHolderConfig() {
    SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL);
  }
}

still SecurityContext is not passed to the Filter in a pod. (app packaging is WAR) configuration - Spring oauth2-client with JWT authentication (in the header)

spring-bootspring-securitykubernetes-pod


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

How to return 404 for pages that do not exist when using Grails Spring Security Plugin

spring sas 0.2.0 access_token throw 'Access is denied'

AuthenticationSuccessEvent never fired

Spring Security: How to use a UserDetailsService with JwtAuthenticationProvider?

@EventListener for AuthenticationSuccessEvent or InteractiveAuthenticationSuccessEvent not fired

CookieCsrfTokenRepository allows the client to create its own Csrf Tokens

Authorization Header not getting displayed in CURL springdoc-openapi-ui

Getting 404 error in spring boot even though method is logging statements

Consider defining a bean of type 'org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository' in your configuration

Customizing the TokenEndpoint in spring security OAuth2

Swagger UI being blocked by Spring Security

Spring boot security, always redirects to login page, if navigate through address bar

How does SecurityContextHolder.getContext().getAuthentication() work?

automatically redirect to login page after session timeout - JSP, Spring

Spring security - Disable logout redirect